packetbeat.interfaces.device: {{ ansible_default_ipv4.alias }}
packetbeat.interfaces.snaplen: {{ ansible_default_ipv4.mtu }}
packetbeat.interfaces.type: af_packet
packetbeat.interfaces.buffer_size_mb: 50
packetbeat.ignore_outgoing: {{ packetbeat_ignore_outgoing | bool | to_json }}

{% if packetbeat_flows | bool %}
packetbeat.flows:
  timeout: 30s
  period: 10s
{% endif %}

packetbeat.protocols:
{% if "icmp" in packetbeat_protocols %}
- type: icmp
  enabled: true
{% endif %}
{% if "amqp" in packetbeat_protocols %}
- type: amqp
  enabled: true
  ports: [5672]
{% endif %}
{% if "cassandra" in packetbeat_protocols %}
- type: cassandra
  enabled: true
  ports: [9042]
{% endif %}
{% if "dhcpv4" in packetbeat_protocols %}
- type: dhcpv4
  enabled: true
  ports: [67, 68]
{% endif %}
{% if "dns" in packetbeat_protocols %}
- type: dns
  enabled: true
  ports: [53]
{% endif %}
{% if "http" in packetbeat_protocols %}
- type: http
  enabled: true
  ports: [80, 8080, 8000, 5000, 8002]
  real_ip_header: "X-Forwarded-For"
{% endif %}
{% if "memcache" in packetbeat_protocols %}
- type: memcache
  enabled: true
  ports: [11211]
{% endif %}
{% if "mysql" in packetbeat_protocols %}
- type: mysql
  enabled: true
  ports: [3306,3307]
{% endif %}
{% if "pgsql" in packetbeat_protocols %}
- type: pgsql
  enabled: true
  ports: [5432]
{% endif %}
{% if "redis" in packetbeat_protocols %}
- type: redis
  enabled: true
  ports: [6379]
{% endif %}
{% if "thrift" in packetbeat_protocols %}
- type: thrift
  enabled: true
  ports: [9090]
{% endif %}
{% if "mongodb" in packetbeat_protocols %}
- type: mongodb
  enabled: true
  ports: [27017]
{% endif %}
{% if "nfs" in packetbeat_protocols %}
- type: nfs
  enabled: true
  ports: [2049]
{% endif %}
{% if "tls" in packetbeat_protocols %}
- type: tls
  enabled: true
  ports: [443, 993, 995, 5223, 6443, 7443, 8443, 8883, 9243, 9443]
{% endif %}

{% if beats_output_type == 'elasticsearch' %}
setup.template:
  json.enabled: true
  json.path: '/etc/packetbeat/packetbeat-template.json'
  json.name: 'packetbeat'
  overwrite: true
setup.ilm.enabled: false
setup.dashboards.enabled: true
setup.kibana:
  host: "{{ beats_kibana_host | list | random(seed=ansible_hostname) }}:{{ beats_kibana_port | default('5601') }}"
  protocol: "{% if beats_output_auth | bool and beats_output_https | bool %}https{% else %}http{% endif %}"
{% if beats_output_auth %}
  kibana.name: "{{ beats_output_user | default('elastic') }}"
  kibana.password: "{{ beats_output_pass | default('changeme') }}"
{% endif %}
  ssl:
    supported_protocols: [TLSv1.2]
    verification_mode: none
{% endif %}

output.{{ beats_output_type }}:
  bulk_max_size: 1000
{% if beats_output_type == 'elasticsearch' %}
  protocol: "{% if beats_output_auth | bool and beats_output_https | bool %}https{% else %}http{% endif %}"
{% if beats_output_auth %}
  username: "{{ beats_output_user | default('elastic') }}"
  password: "{{ beats_output_pass | default('changeme') }}"
{% endif %}
  ssl:
    supported_protocols: [TLSv1.2]
    verification_mode: none
{% endif %}
  hosts: ['{{ beats_output_host | list | join(":" + beats_output_port + "', '") }}:{{ beats_output_port }}']
  loadbalance: {% if beats_output_host | length > 1 %}true{% else %}false{% endif %}

fields_under_root: true
fields:
  enviornment: {{ environments | default("prd") | lower }}
  datacenter: {{ datacenter | default("") | lower }}
  domain: {{ domain | default("") | lower }}
  customer: {{ customer | default("Customer") | title | regex_replace("_", "-") }}
  project: {{ group_names[-1] | default("PROJECT") | title | regex_replace("_", "-") }}
  group: {{ group_names[0] | default("GROUP") | title | regex_replace("_", "-") }}
  source: {{ ansible_fqdn }}
{% if tags is defined %}
{% for key,value in tags.iteritems() %}
  {{ key }}: {{ value }}
{% endfor %}
{% endif %}

processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~

logging.level: error
logging.to_syslog: true

http:
  enabled: true
  host: localhost
  port: {{ beats_port_arg.http }}
